edhoc 1.0.4 → 1.1.0

package/src/Suites.cpp

@@ -5,13 +5,11 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_0 = {
     .value = 0,             // Suite identifier 0
     .aead_key_length = 16,  // Key length for AES-CCM-16-64-128 (16 bytes)
     .aead_tag_length = 8,   // Authentication tag length for AES-CCM (8 bytes)
-    .aead_iv_length =
-        13,             // Initialization vector length for AES-CCM (13 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 8,    // MAC length (8 bytes)
-    .ecc_key_length = 32,  // Elliptic curve key length for X25519 (32 bytes)
-    .ecc_sign_length =
-        64,  // Signature length for EdDSA using X25519 (64 bytes)
+    .aead_iv_length = 13,   // Initialization vector length for AES-CCM (13 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 8,        // MAC length (8 bytes)
+    .ecc_key_length = 32,   // Elliptic curve key length for X25519 (32 bytes)
+    .ecc_sign_length = 64,  // Signature length for EdDSA using X25519 (64 bytes)
 };
 
 // Cipher Suite 1
@@ -19,13 +17,11 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_1 = {
     .value = 1,             // Suite identifier 1
     .aead_key_length = 16,  // Key length for AES-CCM-16-128-128 (16 bytes)
     .aead_tag_length = 16,  // Authentication tag length for AES-CCM (16 bytes)
-    .aead_iv_length =
-        13,             // Initialization vector length for AES-CCM (13 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 16,   // MAC length (16 bytes)
-    .ecc_key_length = 32,  // Elliptic curve key length for X25519 (32 bytes)
-    .ecc_sign_length =
-        64,  // Signature length for EdDSA using X25519 (64 bytes)
+    .aead_iv_length = 13,   // Initialization vector length for AES-CCM (13 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 16,       // MAC length (16 bytes)
+    .ecc_key_length = 32,   // Elliptic curve key length for X25519 (32 bytes)
+    .ecc_sign_length = 64,  // Signature length for EdDSA using X25519 (64 bytes)
 };
 
 // Cipher Suite 2
@@ -33,10 +29,9 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_2 = {
     .value = 2,             // Suite identifier 2
     .aead_key_length = 16,  // Key length for AES-CCM-16-64-128 (16 bytes)
     .aead_tag_length = 8,   // Authentication tag length for AES-CCM (8 bytes)
-    .aead_iv_length =
-        13,             // Initialization vector length for AES-CCM (13 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 8,    // MAC length (8 bytes)
+    .aead_iv_length = 13,   // Initialization vector length for AES-CCM (13 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 8,        // MAC length (8 bytes)
     .ecc_key_length = 32,   // Elliptic curve key length for P-256 (32 bytes)
     .ecc_sign_length = 64,  // Signature length for ES256 using P-256 (64 bytes)
 };
@@ -46,10 +41,9 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_3 = {
     .value = 3,             // Suite identifier 3
     .aead_key_length = 16,  // Key length for AES-CCM-16-128-128 (16 bytes)
     .aead_tag_length = 16,  // Authentication tag length for AES-CCM (16 bytes)
-    .aead_iv_length =
-        13,             // Initialization vector length for AES-CCM (13 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 16,   // MAC length (16 bytes)
+    .aead_iv_length = 13,   // Initialization vector length for AES-CCM (13 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 16,       // MAC length (16 bytes)
     .ecc_key_length = 32,   // Elliptic curve key length for P-256 (32 bytes)
     .ecc_sign_length = 64,  // Signature length for ES256 using P-256 (64 bytes)
 };
@@ -63,8 +57,7 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_4 = {
     .hash_length = 32,      // Output length for SHA-256 (32 bytes)
     .mac_length = 16,       // MAC length (16 bytes)
     .ecc_key_length = 32,   // Elliptic curve key length for X25519 (32 bytes)
-    .ecc_sign_length =
-        64,  // Signature length for EdDSA using X25519 (64 bytes)
+    .ecc_sign_length = 64,  // Signature length for EdDSA using X25519 (64 bytes)
 };
 
 // Cipher Suite 5
@@ -84,13 +77,11 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_6 = {
     .value = 6,             // Suite identifier 6
     .aead_key_length = 16,  // Key length for A128GCM (16 bytes)
     .aead_tag_length = 16,  // Authentication tag length for A128GCM (16 bytes)
-    .aead_iv_length =
-        12,             // Initialization vector length for A128GCM (12 bytes)
-    .hash_length = 32,  // Output length for SHA-256 (32 bytes)
-    .mac_length = 16,   // MAC length (16 bytes)
-    .ecc_key_length = 32,  // Elliptic curve key length for X25519 (32 bytes)
-    .ecc_sign_length =
-        64,  // Signature length for ES256 using X25519 (64 bytes)
+    .aead_iv_length = 12,   // Initialization vector length for A128GCM (12 bytes)
+    .hash_length = 32,      // Output length for SHA-256 (32 bytes)
+    .mac_length = 16,       // MAC length (16 bytes)
+    .ecc_key_length = 32,   // Elliptic curve key length for X25519 (32 bytes)
+    .ecc_sign_length = 64,  // Signature length for ES256 using X25519 (64 bytes)
 };
 
 // Cipher Suite 24
@@ -98,56 +89,32 @@ static const struct edhoc_cipher_suite edhoc_cipher_suite_24 = {
     .value = 24,            // Suite identifier 24
     .aead_key_length = 32,  // Key length for A256GCM (32 bytes)
     .aead_tag_length = 16,  // Authentication tag length for A256GCM (16 bytes)
-    .aead_iv_length =
-        12,             // Initialization vector length for A256GCM (12 bytes)
-    .hash_length = 48,  // Output length for SHA-384 (48 bytes)
-    .mac_length = 16,   // MAC length (16 bytes)
+    .aead_iv_length = 12,   // Initialization vector length for A256GCM (12 bytes)
+    .hash_length = 48,      // Output length for SHA-384 (48 bytes)
+    .mac_length = 16,       // MAC length (16 bytes)
     .ecc_key_length = 48,   // Elliptic curve key length for P-384 (48 bytes)
     .ecc_sign_length = 96,  // Signature length for ES384 using P-384 (96 bytes)
 };
 
 // Cipher Suite 25
 static const struct edhoc_cipher_suite edhoc_cipher_suite_25 = {
-    .value = 25,            // Suite identifier 25
-    .aead_key_length = 32,  // Key length for ChaCha20 (32 bytes)
-    .aead_tag_length = 16,  // Authentication tag length for Poly1305 (16 bytes)
-    .aead_iv_length = 12,   // Nonce length for ChaCha20 (12 bytes)
-    .hash_length = 64,      // Output length for SHAKE256 (64 bytes)
-    .mac_length = 16,       // MAC length (16 bytes)
-    .ecc_key_length = 56,   // Elliptic curve key length for X448 (56 bytes)
-    .ecc_sign_length =
-        114,  // Signature length for EdDSA using X448 (114 bytes)
+    .value = 25,             // Suite identifier 25
+    .aead_key_length = 32,   // Key length for ChaCha20 (32 bytes)
+    .aead_tag_length = 16,   // Authentication tag length for Poly1305 (16 bytes)
+    .aead_iv_length = 12,    // Nonce length for ChaCha20 (12 bytes)
+    .hash_length = 64,       // Output length for SHAKE256 (64 bytes)
+    .mac_length = 16,        // MAC length (16 bytes)
+    .ecc_key_length = 56,    // Elliptic curve key length for X448 (56 bytes)
+    .ecc_sign_length = 114,  // Signature length for EdDSA using X448 (114 bytes)
 };
 
 const struct edhoc_cipher_suite* suite_pointers[] = {
-    &edhoc_cipher_suite_0,
-    &edhoc_cipher_suite_1,
-    &edhoc_cipher_suite_2,
-    &edhoc_cipher_suite_3,
-    &edhoc_cipher_suite_4,
-    &edhoc_cipher_suite_5,
-    &edhoc_cipher_suite_6,
+    &edhoc_cipher_suite_0, &edhoc_cipher_suite_1, &edhoc_cipher_suite_2, &edhoc_cipher_suite_3, &edhoc_cipher_suite_4,
+    &edhoc_cipher_suite_5, &edhoc_cipher_suite_6,
     // 7,  8,  9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
-    nullptr,
+    nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr,
+    nullptr, nullptr, nullptr, nullptr,
     // 24, 25
-    &edhoc_cipher_suite_24,
-    &edhoc_cipher_suite_25};
+    &edhoc_cipher_suite_24, &edhoc_cipher_suite_25};
 
-const size_t suite_pointers_count =
-    sizeof(suite_pointers) / sizeof(suite_pointers[0]);
+const size_t suite_pointers_count = sizeof(suite_pointers) / sizeof(suite_pointers[0]);

package/src/Utils.cpp

@@ -1,33 +1,22 @@
+#include "Utils.h"
+
 #include <condition_variable>
 #include <cstring>
 #include <mutex>
 #include <thread>
 
-#include "Utils.h"
-
 static constexpr const char* kStringThen = "then";
 static constexpr const char* kStringCatch = "catch";
-static constexpr const char* kErrorInputValueMustBeANumberOrABuffer =
-    "Input value must be a number or a buffer";
-
-void Utils::ResetAndRelease(Napi::FunctionReference& funcRef,
-                            Napi::ThreadSafeFunction& tsfn) {
-  if (!funcRef.IsEmpty()) {
-    funcRef.Reset();
-  }
-  if (tsfn != nullptr) {
-    tsfn.Release();
-    tsfn = nullptr;
-  }
-}
+static constexpr const char* kErrorInputValueMustBeANumberOrABuffer = "Input value must be a number or a buffer";
 
-void Utils::InvokeJSFunctionWithPromiseHandling(
-    Napi::Env env,
-    Napi::Object jsObject,
-    Napi::Function jsCallback,
-    const std::vector<napi_value>& args,
-    std::function<void(Napi::Env, Napi::Value)> callbackLambda) {
+void Utils::InvokeJSFunctionWithPromiseHandling(Napi::Env env,
+                                                Napi::Object jsObject,
+                                                Napi::Function jsCallback,
+                                                const std::vector<napi_value>& args,
+                                                SuccessHandler successLambda,
+                                                ErrorHandler errorLambda) {
   auto deferred = Napi::Promise::Deferred::New(env);
+
   try {
     Napi::Value result = jsCallback.Call(jsObject, args);
     deferred.Resolve(result);
@@ -35,36 +24,28 @@ void Utils::InvokeJSFunctionWithPromiseHandling(
     deferred.Reject(e.Value());
   }
 
-  Napi::Promise promise = deferred.Promise();
-
-  auto thenCallback = Napi::Function::New(
-      env, [callbackLambda](const Napi::CallbackInfo& info) {
-        Napi::Env env = info.Env();
-        Napi::HandleScope scope(env);
-        Napi::Value result = info[0];
-        Napi::Promise::Deferred deferred = Napi::Promise::Deferred::New(env);
-        try {
-          callbackLambda(env, result);
-          deferred.Resolve(result);
-        } catch (const Napi::Error& e) {
-          deferred.Reject(e.Value());
-        }
-        return deferred.Promise();
-      });
+  auto thenCallback = Napi::Function::New(env, [successLambda, errorLambda](const Napi::CallbackInfo& info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    try {
+      successLambda(env, info[0].As<Napi::Value>());
+    } catch (const std::exception& e) {
+      errorLambda(env, Napi::Error::New(env, e.what()));
+    }
+  });
 
-  auto catchCallback =
-      Napi::Function::New(env, [](const Napi::CallbackInfo& info) {
-        Napi::Error error = info[0].As<Napi::Error>();
-        throw error;
-      });
+  auto catchCallback = Napi::Function::New(env, [errorLambda](const Napi::CallbackInfo& info) {
+    Napi::Env env = info.Env();
+    Napi::HandleScope scope(env);
+    errorLambda(env, info[0].As<Napi::Error>());
+  });
 
-  promise.Get(kStringThen).As<Napi::Function>().Call(promise, {thenCallback});
+  Napi::Promise promise = deferred.Promise();
   promise.Get(kStringCatch).As<Napi::Function>().Call(promise, {catchCallback});
+  promise.Get(kStringThen).As<Napi::Function>().Call(promise, {thenCallback});
 }
 
-void Utils::EncodeInt64ToBuffer(int64_t value,
-                                uint8_t* buffer,
-                                size_t* length) {
+void Utils::EncodeInt64ToBuffer(int64_t value, uint8_t* buffer, size_t* length) {
   size_t idx = 0;
   if (value == 0) {
     buffer[idx++] = 0;
@@ -81,10 +62,8 @@ struct edhoc_connection_id Utils::ConvertJsValueToEdhocCid(Napi::Value value) {
   struct edhoc_connection_id cid = {};
   if (value.IsNumber()) {
     int64_t numeric = value.As<Napi::Number>().Int64Value();
-    if (numeric >= ONE_BYTE_CBOR_INT_MIN_VALUE &&
-        numeric <= ONE_BYTE_CBOR_INT_MAX_VALUE) {
-      cid = {.encode_type = EDHOC_CID_TYPE_ONE_BYTE_INTEGER,
-             .int_value = (int8_t)numeric};
+    if (numeric >= ONE_BYTE_CBOR_INT_MIN_VALUE && numeric <= ONE_BYTE_CBOR_INT_MAX_VALUE) {
+      cid = {.encode_type = EDHOC_CID_TYPE_ONE_BYTE_INTEGER, .int_value = (int8_t)numeric};
     } else {
       size_t length = 0;
       Utils::EncodeInt64ToBuffer(numeric, cid.bstr_value, &length);
@@ -97,19 +76,16 @@ struct edhoc_connection_id Utils::ConvertJsValueToEdhocCid(Napi::Value value) {
     cid.bstr_length = buffer.Length();
     memcpy(cid.bstr_value, buffer.Data(), cid.bstr_length);
   } else {
-    throw Napi::TypeError::New(value.Env(),
-                               kErrorInputValueMustBeANumberOrABuffer);
+    throw Napi::TypeError::New(value.Env(), kErrorInputValueMustBeANumberOrABuffer);
   }
   return cid;
 }
 
-Napi::Value Utils::CreateJsValueFromEdhocCid(Napi::Env env,
-                                             struct edhoc_connection_id value) {
+Napi::Value Utils::CreateJsValueFromEdhocCid(Napi::Env env, struct edhoc_connection_id value) {
   if (value.encode_type == EDHOC_CID_TYPE_ONE_BYTE_INTEGER) {
     return Napi::Number::New(env, value.int_value);
   } else if (value.encode_type == EDHOC_CID_TYPE_BYTE_STRING) {
-    return Napi::Buffer<char>::Copy(
-        env, (const char*)value.bstr_value, value.bstr_length);
+    return Napi::Buffer<char>::Copy(env, (const char*)value.bstr_value, value.bstr_length);
   }
   return env.Null();
 }

package/test/basic.test.ts

@@ -0,0 +1,64 @@
+import { EDHOC, X509CertificateCredentialManager, DefaultEdhocCryptoManager, EdhocMethod, EdhocSuite } from '../dist/index'
+
+describe('EDHOC Handshake', () => {
+    // Test setup variables
+    const trustedCA = Buffer.from('308201323081DAA003020102021478408C6EC18A1D452DAE70C726CB0192A6116DBB300A06082A8648CE3D040302301A3118301606035504030C0F5468697320697320434120526F6F74301E170D3234313031393138333635335A170D3235313031393138333635335A301A3118301606035504030C0F5468697320697320434120526F6F743059301306072A8648CE3D020106082A8648CE3D03010703420004B9348A8A267EF52CFDC30109A29008A2D99F6B8F78BA9EAF5D51578C06134E78CB90A073EDC2488A14174B4E2997C840C5DE7F8E35EB54A0DB6977E894D1B2CB300A06082A8648CE3D040302034700304402203B92BFEC770B0FA4E17F8F02A13CD945D914ED8123AC85C37C8C7BAA2BE3E0F102202CB2DC2EC295B5F4B7BB631ED751179C145D6B6E081559AEA38CE215369E9C31', 'hex');
+    let initiator: EDHOC;
+    let responder: EDHOC;
+
+    beforeEach(() => {
+        // Initialize credentials and crypto managers for both parties
+        const initiatorKeyID = Buffer.from('00000001', 'hex');
+        const initiatorCredentialManager = new X509CertificateCredentialManager(
+            [Buffer.from('3082012E3081D4A003020102021453423D5145C767CDC29895C3DB590192A611EA50300A06082A8648CE3D040302301A3118301606035504030C0F5468697320697320434120526F6F74301E170D3234313031393138333732345A170D3235313031393138333732345A30143112301006035504030C09696E69746961746F723059301306072A8648CE3D020106082A8648CE3D03010703420004EB0EF585F3992A1653CF310BF0F0F8035267CDAB6989C8B02E7228FBD759EF6B56263259AADF087F9849E7B7651F74C3B4F144CCCF86BB6FE2FF0EF3AA5FB5DC300A06082A8648CE3D0403020349003046022100D8C3AA7C98A730B3D4862EDAB4C1474FCD9A17A9CA3FB078914A10978FE95CC40221009F5877DD4E2C635A04ED1F6F1854C87B58521BDDFF533B1076F53D456739764C', 'hex')],
+            initiatorKeyID
+        );
+        initiatorCredentialManager.addTrustedCA(trustedCA);
+
+        const initiatorCryptoManager = new DefaultEdhocCryptoManager();
+        initiatorCryptoManager.addKey(initiatorKeyID, Buffer.from('DC1FBB05B6B08360CE5B9EEA08EBFBFC6766A21340641863D4C8A3F68F096337', 'hex'));
+
+        const responderKeyID = Buffer.from('00000002', 'hex');
+        const responderCredentialManager = new X509CertificateCredentialManager(
+            [Buffer.from('3082012E3081D4A00302010202146648869E2608FC2E16D945C10E1F0192A6125CC0300A06082A8648CE3D040302301A3118301606035504030C0F5468697320697320434120526F6F74301E170D3234313031393138333735345A170D3235313031393138333735345A30143112301006035504030C09726573706F6E6465723059301306072A8648CE3D020106082A8648CE3D03010703420004161F76A7A106C9B79B7F651156B5B095E63A6101A39020F4E86DDACE61FB395E8AEF6CD9C444EE9A43DBD62DAD44FF50FE4146247D3AFD28F60DBC01FBFC573C300A06082A8648CE3D0403020349003046022100E8AD0926518CDB61E84D171700C7158FD0E72D03A117D40133ECD10F8B9F42CE022100E7E69B4C79100B3F0792F010AE11EE5DD2859C29EFC4DBCEFD41FA5CD4D3C3C9', 'hex')],
+            responderKeyID
+        );
+        responderCredentialManager.addTrustedCA(trustedCA);
+
+        const responderCryptoManager = new DefaultEdhocCryptoManager();
+        responderCryptoManager.addKey(responderKeyID, Buffer.from('EE6287116FE27CDC539629DC87E12BF8EAA2229E7773AA67BC4C0FBA96E7FBB2', 'hex'));
+
+        // Initialize EDHOC instances
+        initiator = new EDHOC(10, [EdhocMethod.Method1], [EdhocSuite.Suite2], initiatorCredentialManager, initiatorCryptoManager);
+        responder = new EDHOC(20, [EdhocMethod.Method2, EdhocMethod.Method0, EdhocMethod.Method1], [EdhocSuite.Suite2], responderCredentialManager, responderCryptoManager);
+    });
+
+    test('should complete successful EDHOC handshake', async () => {
+        // Perform the three-message handshake
+        const message1 = await initiator.composeMessage1([{ label: 1, value: Buffer.from('Hello') }]);
+        const ead1 = await responder.processMessage1(message1);
+        expect(ead1[0].value.toString()).toBe('Hello');
+
+        const message2 = await responder.composeMessage2();
+        const ead2 = await initiator.processMessage2(message2);
+        expect(ead2).toEqual([]);
+
+        const message3 = await initiator.composeMessage3();
+        const ead3 = await responder.processMessage3(message3);
+        expect(ead3).toEqual([]);
+
+        // Verify that both parties derived the same OSCORE security context
+        const initiatorOSCORE = await initiator.exportOSCORE();
+        const responderOSCORE = await responder.exportOSCORE();
+        
+        expect(initiatorOSCORE.masterSalt).toEqual(responderOSCORE.masterSalt);
+        expect(initiatorOSCORE.masterSecret).toEqual(responderOSCORE.masterSecret);
+        expect(initiatorOSCORE.senderId).toEqual(responderOSCORE.recipientId);
+        expect(initiatorOSCORE.recipientId).toEqual(responderOSCORE.senderId);
+
+        // Verify that both parties can derive the same application keys
+        const initiatorKey = await initiator.exportKey(40001, 32);
+        const responderKey = await responder.exportKey(40001, 32);
+        expect(initiatorKey).toEqual(responderKey);
+    });
+});

package/test/vectors.test.ts

@@ -0,0 +1,111 @@
+import { EDHOC, X509CertificateCredentialManager, DefaultEdhocCryptoManager, EdhocMethod, EdhocSuite, EdhocCredentialsFormat, EdhocKeyType } from '../dist/index'
+
+class VectorsEdhocCryptoManager extends DefaultEdhocCryptoManager {
+
+    async importKey(edhoc: EDHOC, keyType: EdhocKeyType, key: Buffer) {
+        // Method 0, Suite 0, Connection ID -14 - Initiator
+        if (keyType === EdhocKeyType.MakeKeyPair && key && edhoc.connectionID === -14) {
+            key = Buffer.from('892EC28E5CB6669108470539500B705E60D008D347C5817EE9F3327C8A87BB03', 'hex');
+        }
+        // Method 0, Suite 0, Connection ID 0x18 - Responder
+        if (keyType === EdhocKeyType.MakeKeyPair && key && Buffer.isBuffer(edhoc.connectionID) && Buffer.compare(edhoc.connectionID, Buffer.from([0x18])) === 0) {
+            key = Buffer.from('E69C23FBF81BC435942446837FE827BF206C8FA10A39DB47449E5A813421E1E8', 'hex');
+        }
+        return super.importKey(edhoc, keyType, key);
+    }
+}
+
+describe('EDHOC RFC9529 Test Vectors', () => {
+    // Test setup variables
+    const trustedCA = Buffer.from('3082010E3081C1A003020102020462319E74300506032B6570301D311B301906035504030C124544484F4320526F6F742045643235353139301E170D3232303331363038323331365A170D3239313233313233303030305A301D311B301906035504030C124544484F4320526F6F742045643235353139302A300506032B65700321002B7B3E8057C8642944D06AFE7A71D1C9BF961B6292BAC4B04F91669BBB713BE4A3233021300E0603551D0F0101FF040403020204300F0603551D130101FF040530030101FF300506032B65700341004BB52BBF1539B71A4AAF429778F29EDA7E814680698F16C48F2A6FA4DBE82541C58207BA1BC9CDB0C2FA947FFBF0F0EC0EE91A7FF37A94D9251FA5CDF1E67A0F', 'hex');
+    const keyUpdate = Buffer.from('d6be169602b8bceaa01158fdb820890c', 'hex');
+
+    const masterSecret = Buffer.from('1e1c6beac3a8a1cac435de7e2f9ae7ff', 'hex');
+    const masterSalt = Buffer.from('ce7ab844c0106d73', 'hex');
+
+    const masterSecret_Update = Buffer.from('ee0ff542c47eb0e09c69307649bdbbe5', 'hex');
+    const masterSalt_Update = Buffer.from('80cede2a1e5aab48', 'hex');
+
+    // Initiator Identity
+    const initiatorCert = Buffer.from('3081EE3081A1A003020102020462319EA0300506032B6570301D311B301906035504030C124544484F4320526F6F742045643235353139301E170D3232303331363038323430305A170D3239313233313233303030305A30223120301E06035504030C174544484F4320496E69746961746F722045643235353139302A300506032B6570032100ED06A8AE61A829BA5FA54525C9D07F48DD44A302F43E0F23D8CC20B73085141E300506032B6570034100521241D8B3A770996BCFC9B9EAD4E7E0A1C0DB353A3BDF2910B39275AE48B756015981850D27DB6734E37F67212267DD05EEFF27B9E7A813FA574B72A00B430B', 'hex');
+    const initiatorKey = Buffer.from('4C5B25878F507C6B9DAE68FBD4FD3FF997533DB0AF00B25D324EA28E6C213BC8', 'hex');
+    const initiatorKeyID = Buffer.from('00000001', 'hex');
+    
+    // Responder Identity
+    const responderCert = Buffer.from('3081EE3081A1A003020102020462319EC4300506032B6570301D311B301906035504030C124544484F4320526F6F742045643235353139301E170D3232303331363038323433365A170D3239313233313233303030305A30223120301E06035504030C174544484F4320526573706F6E6465722045643235353139302A300506032B6570032100A1DB47B95184854AD12A0C1A354E418AACE33AA0F2C662C00B3AC55DE92F9359300506032B6570034100B723BC01EAB0928E8B2B6C98DE19CC3823D46E7D6987B032478FECFAF14537A1AF14CC8BE829C6B73044101837EB4ABC949565D86DCE51CFAE52AB82C152CB02', 'hex');
+    const responderKey = Buffer.from('EF140FF900B0AB03F0C08D879CBBD4B31EA71E6E7EE7FFCB7E7955777A332799', 'hex');
+    const responderKeyID = Buffer.from('00000002', 'hex');
+    
+    let initiator: EDHOC;
+    let responder: EDHOC;
+
+    beforeEach(() => {
+        // Initiator Setup
+        const initiatorCredentialManager = new X509CertificateCredentialManager([initiatorCert], initiatorKeyID);
+        initiatorCredentialManager.addTrustedCA(trustedCA);
+        initiatorCredentialManager.addPeerCertificate(responderCert);
+        initiatorCredentialManager.fetchFormat = EdhocCredentialsFormat.x5t;
+
+        // Initiator Crypto Manager
+        const initiatorCryptoManager = new VectorsEdhocCryptoManager();
+        initiatorCryptoManager.addKey(initiatorKeyID, initiatorKey);
+
+        // Responder Setup
+        const responderCredentialManager = new X509CertificateCredentialManager([responderCert], responderKeyID);
+        responderCredentialManager.addTrustedCA(trustedCA);
+        responderCredentialManager.addPeerCertificate(initiatorCert);
+        responderCredentialManager.fetchFormat = EdhocCredentialsFormat.x5t;
+
+        // Responder Crypto Manager
+        const responderCryptoManager = new VectorsEdhocCryptoManager();
+        responderCryptoManager.addKey(responderKeyID, responderKey);
+
+        // Initialize EDHOC instances
+        initiator = new EDHOC(-14, [EdhocMethod.Method0], [EdhocSuite.Suite0], initiatorCredentialManager, initiatorCryptoManager);
+        responder = new EDHOC(Buffer.from([0x18]), [EdhocMethod.Method0], [EdhocSuite.Suite0], responderCredentialManager, responderCryptoManager);
+    });
+
+    test('should complete successful EDHOC handshake', async () => {
+        // Perform the three-message handshake
+        const message1 = await initiator.composeMessage1();
+        const ead1 = await responder.processMessage1(message1);
+        expect(ead1).toEqual([]);
+
+        const message2 = await responder.composeMessage2();
+        const ead2 = await initiator.processMessage2(message2);
+        expect(ead2).toEqual([]);
+
+        const message3 = await initiator.composeMessage3();
+        const ead3 = await responder.processMessage3(message3);
+        expect(ead3).toEqual([]);
+
+        const message4 = await initiator.composeMessage4();
+        const ead4 = await responder.processMessage4(message4);
+        expect(ead4).toEqual([]);
+
+        const initiatorOSCORE = await initiator.exportOSCORE();
+        const responderOSCORE = await responder.exportOSCORE();
+
+        expect(initiatorOSCORE.masterSalt).toEqual(responderOSCORE.masterSalt);
+        expect(initiatorOSCORE.masterSecret).toEqual(responderOSCORE.masterSecret);
+        expect(initiatorOSCORE.senderId).toEqual(responderOSCORE.recipientId);
+        expect(initiatorOSCORE.recipientId).toEqual(responderOSCORE.senderId);
+
+        expect(initiatorOSCORE.masterSalt).toEqual(masterSalt);
+        expect(initiatorOSCORE.masterSecret).toEqual(masterSecret);
+
+        await initiator.keyUpdate(keyUpdate);
+        await responder.keyUpdate(keyUpdate);
+
+        const initiatorOSCORE_Update = await initiator.exportOSCORE();
+        const responderOSCORE_Update = await responder.exportOSCORE();
+
+        expect(initiatorOSCORE_Update.masterSalt).toEqual(responderOSCORE_Update.masterSalt);
+        expect(initiatorOSCORE_Update.masterSecret).toEqual(responderOSCORE_Update.masterSecret);
+        expect(initiatorOSCORE_Update.senderId).toEqual(responderOSCORE_Update.recipientId);
+        expect(initiatorOSCORE_Update.recipientId).toEqual(responderOSCORE_Update.senderId);
+
+        expect(initiatorOSCORE_Update.masterSecret).toEqual(masterSecret_Update);
+        expect(initiatorOSCORE_Update.masterSalt).toEqual(masterSalt_Update);
+    });
+});

package/external/libedhoc/externals/zcbor/include/zcbor_debug.h

@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2020 Nordic Semiconductor ASA
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-#ifndef ZCBOR_DEBUG_H__
-#define ZCBOR_DEBUG_H__
-
-#include <stdint.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include "zcbor_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-__attribute__((used))
-static void zcbor_print_compare_lines(const uint8_t *str1, const uint8_t *str2, uint32_t size)
-{
-	for (uint32_t j = 0; j < size; j++) {
-		printk ("%x ", str1[j]);
-	}
-	printk("\r\n");
-	for (uint32_t j = 0; j < size; j++) {
-		printk ("%x ", str2[j]);
-	}
-	printk("\r\n");
-	for (uint32_t j = 0; j < size; j++) {
-		printk ("%x ", str1[j] != str2[j]);
-	}
-	printk("\r\n");
-	printk("\r\n");
-}
-
-__attribute__((used))
-static void zcbor_print_compare_strings(const uint8_t *str1, const uint8_t *str2, uint32_t size)
-{
-	for (uint32_t i = 0; i <= size / 16; i++) {
-		printk("line %d (char %d)\r\n", i, i*16);
-		zcbor_print_compare_lines(&str1[i*16], &str2[i*16],
-			MIN(16, (size - i*16)));
-	}
-	printk("\r\n");
-}
-
-__attribute__((used))
-static void zcbor_print_compare_strings_diff(const uint8_t *str1, const uint8_t *str2, uint32_t size)
-{
-	bool printed = false;
-	for (uint32_t i = 0; i <= size / 16; i++) {
-		if (memcmp(&str1[i*16], &str2[i*16], MIN(16, (size - i*16)) != 0)) {
-			printk("line %d (char %d)\r\n", i, i*16);
-			zcbor_print_compare_lines(&str1[i*16], &str2[i*16],
-				MIN(16, (size - i*16)));
-			printed = true;
-		}
-	}
-	if (printed) {
-		printk("\r\n");
-	}
-}
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ZCBOR_DEBUG_H__ */

package/external/libedhoc/tests/include/cipher_suite_negotiation/test_edhoc_cipher_suite_negotiation.h

@@ -1,37 +0,0 @@
-/**
- * \file    test_edhoc_cipher_suite_negotiation.h
- * \author  Kamil Kielbasa
- * \brief   Test scenarios for cipher suite negotiation.
- * \version 0.4
- * \date    2024-01-01
- * 
- * \copyright Copyright (c) 2024
- * 
- */
-
-/* Header guard ------------------------------------------------------------ */
-#ifndef TEST_EDHOC_CIPHER_SUITE_NEGOTIATION_H
-#define TEST_EDHOC_CIPHER_SUITE_NEGOTIATION_H
-
-/* Include files ----------------------------------------------------------- */
-/* Defines ----------------------------------------------------------------- */
-/* Types and type definitions ---------------------------------------------- */
-/* Module interface variables and constants -------------------------------- */
-/* Extern variables and constant declarations ------------------------------ */
-/* Module interface function declarations ---------------------------------- */
-
-/**
- * \brief Cipher suite negotiation for scenario:
- *        - RFC 9528: 6.3.2. Examples:
- *          - Figure 8: Cipher Suite Negotiation Example 1.
- */
-void test_edhoc_cipher_suites_negotiation_scenario_1(void);
-
-/**
- * \brief Cipher suite negotiation for scenario:
- *        - RFC 9528: 6.3.2. Examples:
- *          - Figure 9: Cipher Suite Negotiation Example 2.
- */
-void test_edhoc_cipher_suites_negotiation_scenario_2(void);
-
-#endif /* TEST_EDHOC_CIPHER_SUITE_NEGOTIATION_H */

package/external/libedhoc/tests/include/cipher_suites/test_cipher_suite_0.h

@@ -1,48 +0,0 @@
-/**
- * \file    test_cipher_suite_0.h
- * \author  Kamil Kielbasa
- * \brief   Unit tests for cipher suite 0.
- * \version 0.4
- * \date    2024-01-01
- * 
- * \copyright Copyright (c) 2024
- * 
- */
-
-/* Header guard ------------------------------------------------------------ */
-#ifndef TEST_CIPHER_SUITE_0_H
-#define TEST_CIPHER_SUITE_0_H
-
-/* Include files ----------------------------------------------------------- */
-/* Defines ----------------------------------------------------------------- */
-/* Types and type definitions ---------------------------------------------- */
-/* Module interface variables and constants -------------------------------- */
-/* Extern variables and constant declarations ------------------------------ */
-/* Module interface function declarations ---------------------------------- */
-
-/**
- * \brief Unit test for ECDSA (EdDSA).
- */
-void test_cipher_suite_0_ecdsa(void);
-
-/**
- * \brief Unit test for ECDH (X25519).
- */
-void test_cipher_suite_0_ecdh(void);
-
-/**
- * \brief Unit test for HKDF extract & expand (HMAC-SHA-256).
- */
-void test_cipher_suite_0_hkdf(void);
-
-/**
- * \brief Unit test for AEAD (AES-CCM-16-64-128).
- */
-void test_cipher_suite_0_aead(void);
-
-/**
- * \brief Unit test for hash (SHA-256).
- */
-void test_cipher_suite_0_hash(void);
-
-#endif /* TEST_CIPHER_SUITE_0_H */